List of open ports :
Vulnerability found on port ftp (21/tcp)
Vulnerability found on port ftp (21/tcp)
Information found on port ftp (21/tcp)
An FTP server is running on this port.
Here is its banner :
220 westa.mimuw.edu.pl FTP server (ULTRIX Version 4.1 Fri Jul 24 13:34:28 EDT 1992) ready.
Information found on port ftp (21/tcp)
Remote FTP server banner :
220 westa.mimuw.edu.pl FTP server (ULTRIX Version 4.1 Fri Jul 24 13:34:28 EDT 1992) ready.
Vulnerability found on port ssh (22/tcp)
Warning found on port ssh (22/tcp)
You are running a version of SSH which is
older than (or as old as) version 1.2.27.
If you compiled ssh with Kerberos support,
then an attacker may eavesdrop on your users'
Kerberos tickets, as sshd will set
the environment variable KRB5CCNAME to
'none', so Kerberos tickets will be stored
in the current working directory of the
user, as 'none'.
If you have nfs/smb shared disks, then an attacker
may eavesdrop on the Kerberos tickets of your
users using this flaw.
*** If you are not using Kerberos, then
*** ignore this warning.
Risk factor : Serious
Solution : use ssh 1.2.28 or newer
CVE : CVE-2000-0575
Warning found on port ssh (22/tcp)
You are running a version of SSH which is
older than (or as old as) version 1.2.27.
If this version was compiled against the
RSAREF library, then it is very likely to
be vulnerable to a buffer overflow which
may be exploited by an attacker to gain
root on your system.
To determine if you compiled ssh against
the RSAREF library, type 'ssh -V' on the
remote host.
Risk factor : High
Solution : Use ssh 2.x, or do not compile ssh
against the RSAREF library
CVE : CVE-1999-0834
Warning found on port ssh (22/tcp)
The remote SSH daemon supports connections made
using the version 1.33 and/or 1.5 of the SSH protocol.
These protocols are not completely cryptographically
safe so they should not be used.
Solution :
If you use OpenSSH, set the option 'Protocol' to '2'.
If you use SSH.com's, set the option 'Ssh1Compatibility' to 'no'.
Risk factor : Low
Information found on port ssh (22/tcp)
An ssh server is running on this port
Information found on port ssh (22/tcp)
Remote SSH version : SSH-1.5-1.2.25
Information found on port ssh (22/tcp)
The remote SSH daemon supports the following versions of the
SSH protocol :
. 1.33
. 1.5
. 1.99
Information found on port telnet (23/tcp)
The service closed the connection after 0 seconds without sending any data
It might be protected by some TCP wrapper
Vulnerability found on port smtp (25/tcp)
Vulnerability found on port smtp (25/tcp)
Warning found on port smtp (25/tcp)
The remote SMTP server
answers to the EXPN and/or VRFY commands.
The EXPN command can be used to find
the delivery address of mail aliases, or
even the full name of the recipients, and
the VRFY command may be used to check the
validity of an account.
Your mailer should not allow remote users to
use any of these commands, because it gives
them too much information.
Solution : if you are using Sendmail, add the
option
O PrivacyOptions=goaway
in /etc/sendmail.cf.
Risk factor : Low
CVE : CAN-1999-0531
Warning found on port smtp (25/tcp)
The remote SMTP server allows relaying. This means that
it allows spammers to use your mail server to send their mails to
the world, thus wasting your network bandwidth.
Risk factor : Low/Medium
Solution : configure your SMTP server so that it can't be used as a relay
any more.
CVE : CAN-1999-0512
Warning found on port smtp (25/tcp)
The remote SMTP server allows relaying for authenticated users.
It is however possible to poison the logs;
this means that spammers
would be able to use your server to send their e-mails to
the world, thus wasting your network bandwidth and getting you
blacklisted.
*** Some SMTP servers such as Postfix will display a false positive
*** here
Risk factor : Low
Solution : Disable poprelayd
Warning found on port smtp (25/tcp)
The remote SMTP server is vulnerable to a redirection
attack. That is, if a mail is sent to :
user@hostname1@victim
Then the remote SMTP server (victim) will happily send the
mail to :
user@hostname1
Using this flaw, an attacker may route a message
through your firewall, in order to exploit other
SMTP servers that can not be reached from the
outside.
*** THIS WARNING MAY BE A FALSE POSITIVE, SINCE
SOME SMTP SERVERS LIKE POSTFIX WILL NOT
COMPLAIN BUT DROP THIS MESSAGE ***
Solution : if you are using sendmail, then at the top
of ruleset 98, in /etc/sendmail.cf, insert :
R$*@$*@$* $#error $@ 5.7.1 $: '551 Sorry, no redirections.'
Risk factor : Low
Warning found on port smtp (25/tcp)
You are running a version of Sendmail which is older
than version 8.9.0.
There's a flaw in this version which allows people to send
mail anonymously through this server (their IP won't be shown
to the recipient), through a buffer overflow in the HELO
command.
*** Nessus reports this vulnerability using only
*** information that was gathered. Use caution
*** when testing without safe checks enabled.
Solution : upgrade to sendmail 8.9.0 or newer
Risk factor : Low
CVE : CAN-1999-0098
Information found on port smtp (25/tcp)
An unknown service is running on this port.
It is usually reserved for SMTP
Information found on port elcsd (704/tcp)
The service closed the connection after 0 seconds without sending any data
It might be protected by some TCP wrapper
Warning found on port unknown (6000/tcp)
This X server does *not* allow any client to connect to it;
however, it is recommended that you filter incoming connections
to this port, as an attacker may send garbage data and slow down
your X session or even kill the server.
Here is the server version : 11.0
Here is the message we received : Client is not authorized to connect to Server
Solution : filter incoming connections to ports 6000-6009
Risk factor : Low
CVE : CVE-1999-0526
Warning found on port general/tcp
The remote host uses non-random IP IDs, that is, it is
possible to predict the next value of the ip_id field of
the ip packets sent by this host.
An attacker may use this feature to determine if the remote
host sent a packet in reply to another request. This may be
used for portscanning and other things.
Solution : Contact your vendor for a patch
Risk factor : Low
Information found on port general/tcp
Nmap found that this host is running Ultrix 4.2 - 4.5
Vulnerability found on port snmp (161/udp)
Warning found on port snmp (161/udp)
It was possible to obtain the list of network interfaces of the
remote host via SNMP :
. ln0EquipMfr
. ln0EquipMfr
. ln0EquipMfr
. ln0EquipMfr
. lo0EquipMfr
. lo0EquipMfr
. lo0EquipMfr
. lo0EquipMfr
An attacker may use this information to gain more knowledge about
the target host.
Solution : disable the SNMP service on the remote host if you do not
use it, or filter incoming UDP packets going to this port
Risk factor : Low
Information found on port snmp (161/udp)
Using SNMP, we could determine that the remote operating system is :
westa.mimuw.edu.pl:DS5000_100:ULTRIX V4.3 (Rev. 44) System #2
Warning found on port general/icmp
The remote host answered to an ICMP_MASKREQ
query and sent us its netmask (255.255.255.0)
An attacker can use this information to
understand how your network is set up
and how the routing is done. This may
help him to bypass your filters.
Solution : reconfigure the remote host so
that it does not answer to those requests.
Set up filters that deny ICMP packets of
type 17.
Risk factor : Low
CVE : CAN-1999-0524
Warning found on port general/icmp
The remote host answers to an ICMP timestamp
request. This allows an attacker to know the
date which is set on your machine.
This may help him to defeat all your
time based authentication protocols.
Solution : filter out the ICMP timestamp
requests (13), and the outgoing ICMP
timestamp replies (14).
Risk factor : Low
CVE : CAN-1999-0524
Information found on port general/udp
For your information, here is the traceroute to 10.1.2.41 :
10.1.1.31
10.1.2.41